makeTLSConn will wrap an existing Conn using TLS
| 2379 | |
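// makeTLSConn wraps the existing connection in a TLS client connection and
// performs the handshake.
//
// The tls.Config used is a clone of nc.Opts.TLSConfig when one is set,
// otherwise an empty config. nc.Opts.TLSCertCB and nc.Opts.RootCAsCB, when
// set, replace Certificates and RootCAs on that copy. If ServerName is still
// blank it is filled from nc.current.tlsName or, failing that, from the host
// part of nc.current.URL.Host. ServerName is the name the server certificate
// is verified against unless the config disables verification, so a wrong or
// empty value here decides whether the peer is authenticated.
//
// It returns nil without touching the connection when the custom dialer asks
// to skip the TLS wrapper, a callback's error unchanged when a callback
// fails, and an error wrapping both ErrTLS and the cause when the handshake
// fails.
func (nc *Conn) makeTLSConn() error {
	// We do nothing when the custom dialer asks to skip the TLS wrapper. A
	// comma-ok assertion on a nil interface yields ok == false, so no
	// separate nil check is needed.
	if sd, ok := nc.Opts.CustomDialer.(skipTLSDialer); ok && sd.SkipTLSHandshake() {
		return nil
	}

	// Allow the user to configure their own tls.Config structure. The fields
	// set below are written to tlsCopy, not to nc.Opts.TLSConfig.
	// NOTE(review): relies on util.CloneTLSConfig returning an independent
	// copy; confirm against its definition.
	tlsCopy := &tls.Config{}
	if nc.Opts.TLSConfig != nil {
		tlsCopy = util.CloneTLSConfig(nc.Opts.TLSConfig)
	}

	// The callbacks take precedence over whatever the configured tls.Config
	// carried: the client certificate list and the root pool are replaced,
	// not merged.
	if nc.Opts.TLSCertCB != nil {
		cert, err := nc.Opts.TLSCertCB()
		if err != nil {
			return err
		}
		tlsCopy.Certificates = []tls.Certificate{cert}
	}
	if nc.Opts.RootCAsCB != nil {
		rootCAs, err := nc.Opts.RootCAsCB()
		if err != nil {
			return err
		}
		tlsCopy.RootCAs = rootCAs
	}

	// If ServerName is blank we override it with the current host.
	if tlsCopy.ServerName == _EMPTY_ {
		if nc.current.tlsName != _EMPTY_ {
			tlsCopy.ServerName = nc.current.tlsName
		} else {
			h, _, err := net.SplitHostPort(nc.current.URL.Host)
			if err != nil {
				// SplitHostPort fails when Host has no port (among other
				// malformed inputs) and then returns an empty host. An empty
				// ServerName would surface only as an opaque handshake
				// error, so use Host as given; a name that does not match
				// the certificate still fails verification.
				h = nc.current.URL.Host
			}
			tlsCopy.ServerName = h
		}
	}

	// nc.conn is replaced before the handshake runs, so on failure it still
	// refers to the TLS wrapper around the original connection.
	tlsConn := tls.Client(nc.conn, tlsCopy)
	nc.conn = tlsConn
	if err := tlsConn.Handshake(); err != nil {
		return fmt.Errorf("%w: %w", ErrTLS, err)
	}
	// NOTE(review): bindToNewConn is defined elsewhere; presumably it
	// re-attaches the reader/writer to the new nc.conn. Confirm.
	nc.bindToNewConn()
	return nil
}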
| 2425 | |
| 2426 | // TLSConnectionState retrieves the state of the TLS connection to the server |
| 2427 | func (nc *Conn) TLSConnectionState() (tls.ConnectionState, error) { |